The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning the exploitation of the legacy Cisco Smart Install (SMI) feature by cybercriminals. According to CISA, threat actors are leveraging this outdated feature to gain unauthorized access to system configuration files on vulnerable devices. Once these files are acquired, attackers can potentially compromise entire networks, posing significant risks to organizations that have not properly secured their Cisco network equipment.
In addition to the exploitation of the SMI feature, CISA has observed the persistent use of weak password types on Cisco devices, further exacerbating security vulnerabilities. These weak passwords make the devices susceptible to password-cracking attacks, allowing adversaries to gain deeper access to network infrastructure. To mitigate these risks, CISA strongly recommends that organizations adopt type 8 password protection for all Cisco devices, which offers a higher level of security for passwords stored within system configuration files.
CISA’s advisory comes in the wake of Cisco’s own warning about a critical vulnerability in its Smart Software Manager On-Prem (CVE-2024-20419), which could allow a remote, unauthenticated attacker to change user passwords. This flaw, with a CVSS score of 10.0, is particularly concerning given its potential for widespread exploitation. Additionally, Cisco has identified several other critical vulnerabilities (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454) in its Small Business SPA300 and SPA500 Series IP Phones. These flaws could enable attackers to execute arbitrary commands on the operating system or trigger a denial-of-service (DoS) condition.
Given the severity of these vulnerabilities, Cisco has advised users to transition to newer models, as the affected devices have reached end-of-life (EoL) status, and no software updates will be provided to address these flaws. CISA and Cisco’s warnings underscore the importance of regularly updating and securing network devices to protect against evolving cyber threats, particularly when legacy features and outdated equipment are involved. Organizations are urged to review the National Security Agency’s (NSA) Smart Install Protocol Misuse advisory and implement recommended best practices to safeguard their network infrastructure.
Reference:
